We recently learned that the US government was a victim of multiple data breaches within various federal agencies. As you’d expect, not all of the details are known yet, but the Commerce Department has acknowledged that it was targeted by attackers. The group responsible is believed to be linked to Russia. Cybersecurity analyst Mark Wright of Sentinel One commented on the attack, stating, “It’s been said on a scale of one to 10 this is probably an 11 for the type of attack, the magnitude and the potential damage it’s done.”
The breach was initially reported as an attack that stole information from the U.S. Treasury and was tied to a foreign government. Reports now also include the Department of Homeland Security and the Agriculture Department in the targeted attacks.
It happened when cybercriminals were able to access the agencies through the third-party software vendor SolarWinds, which works with businesses and organizations including many governments and Fortune 500 companies.
The magnitude of this breach was such that, for only the fifth time in the history of the Cybersecurity and Infrastructure Security Agency (created in 2015), a directive to review all systems was given to all federal civilian agencies.
What Is So Different About This Breach?
Well, first, it is an extremely serious matter, one that the National Security Council met to review at the White House over the weekend. It also verifies that foreign countries, along with Russia, are not stopping their attempts to take advantage of any weak links within the United States’ cybersecurity. This calls into question the motives of such an attack.
The skill of the attackers has also caught experts off guard. They fear that the breaches go back as early as last spring and have been running without detection. With deployment occurring via SolarWinds software updates, this was a creative and hard-to-detect way of committing the crime. The attackers exploited users’ trust in one company and also the recommended practice of updating software to fend off cyber-attacks. A double whammy of sorts. Once they gained entry, they would then slowly gather more and more credibility and access.
One of the big questions that arose while researching this breach was whether or not we rely too heavily on a few big players to keep our businesses running. Wide-impacting circumstances like the pandemic put us at greater risk; do we now need to consider the wide impact of businesses that are good at what they do? All of this, and more, will be looked at and considered as this situation unfolds.